---
title: Semgrep
sidebar_label: Semgrep
description: CodeRabbit's guide to Semgrep.
---
import ProPlanNotice from '@site/src/components/ProPlanNotice.mdx';

<ProPlanNotice />

Semgrep is an open-source static analysis tool designed to scan code for security vulnerabilities and code quality issues.

## Configuration

Semgrep uses a YAML-style configuration file. By default, CodeRabbit automatically uses the following files if any of them are present in the root directory of your repository:

- `semgrep.yml` or `semgrep.yaml`
- `semgrep.config.yml` or `semgrep.config.yaml`

The following config file location is also supported:

- A user-defined config file, set at `reviews.tools.semgrep.config_file` in your project's `.coderabbit.yaml` file or in the "Review → Tools → Semgrep → Config File" field on CodeRabbit's settings page.

Due to licensing, CodeRabbit does not ship with the community-created Semgrep rules.

:::note

CodeRabbit will only run Semgrep if your repository contains a Semgrep config file. This config must use one of the default file names, or you must set the path to the file in `.coderabbit.yaml` or in the config UI.

:::
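Because no community rules are bundled, the config file you commit has to carry the rules you want run on pull requests. Below is an added example (not part of the CodeRabbit docs) of a minimal `semgrep.yml` placed at the repository root, so it is picked up under the default file names without any `.coderabbit.yaml` setting; the rule ids, messages and the `tests/` exclusion are my own choices.

```yaml
# semgrep.yml (constructed example, assumed to live at the repository root)
rules:
  # Flags subprocess calls that go through a shell. Such calls are a
  # command-injection risk whenever any part of the command string is
  # attacker-influenced; the fix is an argument list and no shell=True.
  - id: python-subprocess-shell-true
    languages: [python]
    severity: WARNING
    message: >-
      subprocess.$FUNC is called with shell=True. If any part of the command
      comes from untrusted input this allows OS command injection (CWE-78).
      Pass the command as a list of arguments and drop shell=True.
    patterns:
      - pattern: subprocess.$FUNC(..., shell=True, ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: ^(run|call|check_call|check_output|Popen)$
    metadata:
      category: security
      cwe: "CWE-78"
    paths:
      # Test fixtures often spawn shells deliberately; keep them out of the PR review noise.
      exclude:
        - tests/

  # Flags Flask apps started with the Werkzeug debugger on, which exposes an
  # interactive console if the app ever runs that way outside a dev machine.
  - id: python-flask-debug-true
    languages: [python]
    severity: ERROR
    message: >-
      Flask app is run with debug=True. The Werkzeug debugger must never be
      enabled in deployed code; control it via an environment variable instead.
    pattern: $APP.run(..., debug=True, ...)
    metadata:
      category: security
      cwe: "CWE-489"
```

To keep the file elsewhere (for example `.semgrep/rules.yml`), point `reviews.tools.semgrep.config_file` in `.coderabbit.yaml` at that path instead.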

## Links

## Files

Semgrep will run on the following file types:

- C/C++
- C#
- Go
- Java
- JavaScript
- Kotlin
- Python
- TypeScript
- Ruby
- Rust
- JSX
- PHP
- Scala
- Swift
- Terraform
- JSON